2014 - 2015Nowadays the current network-centric world has given rise to several
security concerns regarding the access control management, which en-
sures that only authorized users are given access to certain resources
or tasks. In particular, according to their respective roles and respon-
sibilities, users are typically organized into hierarchies composed of
several disjoint classes (security classes). A hierarchy is characterized
by the fact that some users may have more access rights than others,
according to a top-down inclusion paradigm following speci c hier-
archical dependencies. A user with access rights for a given class is
granted access to objects stored in that class, as well as to all the de-
scendant ones in the hierarchy. The problem of key management for
such hierarchies consists in assigning a key to each class of the hierar-
chy, so that the keys for descendant classes can be e ciently obtained
from users belonging to classes at a higher level in the hierarchy.
In this thesis we analyze the security of hierarchical key assignment
schemes according to di erent notions: security with respect to key
indistinguishability and against key recovery [4], as well as the two
recently proposed notions of security with respect to strong key in-
distinguishability and against strong key recovery [42]. More precisely,
we rst explore the relations between all security notions and, in par-
ticular, we prove that security with respect to strong key indistin-
guishability is not stronger than the one with respect to key indistin-
guishability. Afterwards, we propose a general construction yielding
a hierarchical key assignment scheme that ensures security against
strong key recovery, given any hierarchical key assignment scheme
which guarantees security against key recovery.
Moreover, we de ne the concept of hierarchical key assignment
schemes supporting dynamic updates, formalizing the relative secu-
rity model. In particular, we provide the notions of security with
respect to key indistinguishability and key recovery, by taking into ac-
count the dynamic changes to the hierarchy. Furthermore, we show
how to construct a hierarchical key assignment scheme supporting dy-
namic updates, by using as a building block a symmetric encryption
scheme. The proposed construction is provably secure with respect to
key indistinguishability, provides e cient key derivation and updat-
ing procedures, while requiring each user to store only a single private
key.
Finally, we propose a novel model that generalizes the conventional
hierarchical access control paradigm, by extending it to certain addi-
tional sets of quali ed users. Afterwards, we propose two construc-
tions for hierarchical key assignment schemes in this new model, which
are provably secure with respect to key indistinguishability. In par-
ticular, the former construction relies on both symmetric encryption
and perfect secret sharing, whereas, the latter is based on public-key
threshold broadcast encryption. [edited by author]XIV n.s